Question about what is being stored on your computer

I have no idea how to formulate a fitting thread title, so please bear with me.

My dad had some super confidential files on his USB stick and he asked me to encrypt them, so nobody else but him could access them.

So I put the USB into my PC, created an encrypted storage with TrueCrypt and stored the confidential files in that storage. I have not copied the files to my PC, nor was the truecrypt storage ever on my HDD. Everything happened on that USB stick.

My dad now wants me to shred the HDD... I've got no real clue if somebody could recover those files from the HDD, even though it has never been on it.

Is simply inserting a USB and moving files around on the USB enough to leave traces on the PC?

Before somebody asks wtf was in those files... don't even bother, I've got no clue myself. Just some text files... so no picture preview or anything that could have been triggered.

For now I have told him that shredding my HDD is no option. I would have to buy an external to save my stuff before even considering something like this... But my dad is pretty serious about this.

To clear things up a bit: My dad has his own company. They are quite successful and 'big', but he got no IT stuff or anything. Yet they have to deal with confidential things and they have to hide things from their competitors. He is paranoid about getting hacked after he noticed some strange log ins into his email account...

When u delete a file/folder from your external flash drive the files will get deleted and not go to your local pc's recycle bin.

If you really want to be sure and safe then do it on a pc that's not connected to the internet and also don't open the files/folders. Do a quick format on the flash drive and that will clear off the flash drive if you wanna clear all of its contents.

it's possible truecrypt stored your private key on your HDD as part of an asymmetrical encryption

however, unless you are expecting the government to raid your house, shredding your HDD is not necessary, even still, if your dad insists, agree to it after he buys you a few SSD's and gives you a chance to back up your data

also, if you're dad is serious about that data, truecrypt and bitlocker are pointless, they are both as effective as using '1234' for a password, i can crack an 8GB usb drive encrypted with truecrypt in 1-2 hours using cuda

it's possible truecrypt stored your private key on your HDD as part of an asymmetrical encryption

however, unless you are expecting the government to raid your house, shredding your HDD is not necessary, even still, if your dad insists, agree to it after he buys you a few SSD's and gives you a chance to back up your data

also, if you're dad is serious about that data, truecrypt and bitlocker are pointless, they are both as effective as using '1234' for a password, i can crack an 8GB usb drive encrypted with truecrypt in 1-2 hours using cuda

Are you serious? I looked up the whole internet almost and it is said that not even the FBI was able to crack a truecrypt file that has been set up properly with a good enough password. He said that if somebody would steal these text files, his company could be seriously damaged and that's why he's being so paranoid about it. I'd like to help him out as good as possible.

I know this isn't exactly what you were asking for, but if your father is that concerned about his IT security then it's time to hire a professional, instead of having his son do it because "You're good with computers".

the FBI can crack anything they want, it's usually an issue of legality when they can't, not capability, it's not like their super computers are using P4s

Might be true. But I don't think the FBI or any government is going to raid us anyway. But it kinda worries me that you make TrueCrypt look so unsafe. Any safer alternatives? Or should I just tell him to get the Ironkey? How crackable is that one?

Originally Posted by Beyturga

I know this isn't exactly what you were asking for, but if your father is that concerned about his IT security then it's time to hire a professional, instead of having his son do it because "You're good with computers".

That's what I told him, too. Yet he doesn't want to spend money on it... even though he could easily afford it.

the FBI can crack anything they want, it's usually an issue of legality when they can't, not capability, it's not like their super computers are using P4s

Things such as the DoD and FBI do not use encryption software unless they themselves can crack it, afaik. When Bitlocker first came out, it may have been uncrackable, but by now it is definitely crackable. However the speed at which some of these programs claim to be able to crack Truecrypt and BitLocker seems a bit off to me... unless they are doing some clever marketing and using supercomputers to get these instantaneous results.

Might be true. But I don't think the FBI or any government is going to raid us anyway. But it kinda worries me that you make TrueCrypt look so unsafe. Any safer alternatives? Or should I just tell him to get the Ironkey? How crackable is that one?

hardware based encryption is much better than software, ironkeys are not uncrackable (nothing is) it's just a matter of time and money, (which is a whole different topic atm in white hat groups) but they are certainly better than a basic truecrypt run on a standard flash drive

there are ways to improve bitlocker and truecrypt, such as using a TPM chip on your motherboard, a 24+ character passphrase, and 512bit encryption

Originally Posted by Beyturga

Things such as the DoD and FBI do not use encryption software unless they themselves can crack it, afaik. When Bitlocker first came out, it may have been uncrackable, but by now it is definitely crackable. However the speed at which some of these programs claim to be able to crack Truecrypt and BitLocker seems a bit off to me... unless they are doing some clever marketing and using supercomputers to get these instantaneous results.

well, decryption has been advancing much more in the last 2-3 years, it's now more of a sport with groups competing to see who can crack various forms of encryption the fastest, just a few years ago, WPA could not be cracked, then it was, but took almost a year and now:

thats a SHA512 key cracked in 27 seconds using just a CPU and 2 AMD GPUs

That's what I told him, too. Yet he doesn't want to spend money on it... even though he could easily afford it.

Pose this question to him: "What's going to cost you more money: Hiring someone who is trained and informed on protecting your information? Or having those files compromised and losing business/money?"

I'm at the start of my IT career, yet I've still dealt with this situation a couple times already. Mainly to do with password policies. Bosses complaining and threatening because they don't want to have to follow a complex password requirement that remembers the last X amount of passwords used and has to be changed every 30 days etc etc. I sit them down and hypothesize what is cheaper, them remembering a complex password that gives better security, or him being able to have his password be spacebar and that it never expires, when their account has access to very privy information that can make or break the company that Bob the janitor can walk up to after-hours and log in and walk out the door with all his confidential information.

---------- Post added 2012-11-21 at 10:50 PM ----------

Originally Posted by Cyanotical

well, decryption has been advancing much more in the last 2-3 years, it's now more of a sport with groups competing to see who can crack various forms of encryption the fastest, just a few years ago, WPA could not be cracked, then it was, but took almost a year and now:

I'm not saying I don't believe you, but I'm rather curious. Do you mean WPA or WPA2?

I'm at the start of my IT career, yet I've still dealt with this situation a couple times already. Mainly to do with password policies. Bosses complaining and threatening because they don't want to have to follow a complex password requirement that remembers the last X amount of passwords used and has to be changed every 30 days etc etc. I sit them down and hypothesize what is cheaper, them remembering a complex password that gives better security, or him being able to have his password be spacebar and that it never expires, when their account has access to very privy information that can make or break the company that Bob the janitor can walk up to after-hours and log in and walk out the door with all his confidential information.

^this, the number one reason so many websites and companies get compromised is because somebody high up doesnt want to deal with complex password policies, or spend money on upgraded firewalls, two factor authentication, etc

^this, the number one reason so many websites and companies get compromised is because somebody high up doesnt want to deal with complex password policies, or spend money on upgraded firewalls, two factor authentication, etc

That's exactly my dad. Even though he's a somewhat respectable entrepreneur, his passwords suck balls and he has no clue about IT security. That's why I have to help him out first and do some first aid before I convince him to leave me alone and hire somebody who actually learned more than just how to properly set up a network.

Also, TrueCrypt has the advantage that you can disguise the storage. Just give it some generic name like 'SoftwareUpdate.dll' and hide it in some program that you have on your flash drive.

I'm not saying I don't believe you, but I'm rather curious. Do you mean WPA or WPA2?

actually, anymore, not even WPA2-ENT is secure, MSChapv2 was cracked this year, and that's what most RADIUS servers run

the scary thing from an IT standpoint is that you only need one packet to decrypt WPA/WPA2, not like WEP which can take a while to gather IVs, giving securrity a chance to spot someone with a laptop who shouldn't be there

you dont even need a high power computer to do it, people run hashcat on EC2 all the time

although, this is all somewhat mute anyway, if someone really really wants in your network, they will get in, current security measure stop 95% of hackers, its the other 5% that you have to worry about

---------- Post added 2012-11-21 at 10:06 PM ----------

Originally Posted by StayTuned

That's exactly my dad. Even though he's a somewhat respectable entrepreneur, his passwords suck balls and he has no clue about IT security. That's why I have to help him out first and do some first aid before I convince him to leave me alone and hire somebody who actually learned more than just how to properly set up a network.

Also, TrueCrypt has the advantage that you can disguise the storage. Just give it some generic name like 'SoftwareUpdate.dll' and hide it in some program that you have on your flash drive.

a method that we developed back in my enterprise security class was thought to be uncrackable, the problem is that it is almost completely impractical

create your secure data, and bury it in another functional file
place that file on a VM, and then encrypt it within the VM
encrypt the VM file within the actual OS
store the VM on a 3-4 disk RAID0 array
then encrypt and password protect each hard drive
store each hard drive in a separate location, such as bank deposit boxes at different banks

so, the reverse of that is rather painful, and you have a high risk of data corruption ruining the whole thing, but it should be nearly impossible to extract the secure data without full knowledge of the system

a method that we developed back in my enterprise security class was thought to be uncrackable, the problem is that it is almost completely impractical

create your secure data, and bury it in another functional file
place that file on a VM, and then encrypt it within the VM
encrypt the VM file within the actual OS
store the VM on a 3-4 disk RAID0 array
then encrypt and password protect each hard drive
store each hard drive in a separate location, such as bank deposit boxes at different banks

so, the reverse of that is rather painful, and you have a high risk of data corruption ruining the whole thing, but it should be nearly impossible to extract the secure data without full knowledge of the system

Yeah... but that is really impractical. You want to have access to that data, otherwise you can just delete it and burn the HDD to ashes. Tell me, how can somebody hack something, if he doesn't even know where to search? An encrypted file could be literally everywhere on my PC. 1kb big, 1mb big, a .dll, a .exe a .txt. It could be called 'update' or 'driver or 'data'. Anything.

Yeah... but that is really impractical. You want to have access to that data, otherwise you can just delete it and burn the HDD to ashes. Tell me, how can somebody hack something, if he doesn't even know where to search? An encrypted file could be literally everywhere on my PC. 1kb big, 1mb big, a .dll, a .exe a .txt. It could be called 'update' or 'driver or 'data'. Anything.

well a 6GB txt file is a dead give away

it's not easy, but, in certain countries there are rooms of hundreds of paid hackers

if say your HDD was copied or stolen on a business trip, they would each take a section of files and systematically check each file

but, if you are worried about a typical "hacker" script kiddie, then no, they wont find it, nor do they generally know about software like passware, most tend to shy away from the expensive professional software suites

it's not easy, but, in certain countries there are rooms of hundreds of paid hackers

if say your HDD was copied or stolen on a business trip, they would each take a section of files and systematically check each file

but, if you are worried about a typical "hacker" script kiddie, then no, they wont find it, nor do they generally know about software like passware, most tend to shy away from the expensive professional software suites

Haha. I obviously didn't make the file a 6gb big .txt ^^
And thanks so far. You helped me out even if doesn't look like it. We never had any issues regarding IT security, but seeing how fast the technology is progressing it is better to be safe than sorry. Most of the people my dad has to deal with are pretty much IT illiterates themselves, so even if they manage to steal the USB, I am almost sure they won't find the files they are searching for.

I am going to make him use Comodo in future and tell him to buy that Ironkey USB. Using that and TrueCrypt to hide files should be sufficient for now.

Yeah... but that is really impractical. You want to have access to that data, otherwise you can just delete it and burn the HDD to ashes. Tell me, how can somebody hack something, if he doesn't even know where to search. An encrypted file could be literally everywhere on my PC. 1kb big, 1mb big, a .dll, a .exe a .txt. Anything.

If you're not educated or careful then I could just look for files that are "wrong". Encrypted data looks unstructured and random so doing something like naming a file "libxml.dll" when it's actually an aes encrypted file isn't going to work because they'll just pipe ls -aR through file -f. Better approaches are available of course, but this 'rename the file' approach has probably been used by every teenage boy to hide their porn so it's worth mentioning.

Truecrypt's value over bitlocker or filevault isn't the encryption it offers but the plausible deniability: it stores your data in a way that you can convincingly claim "it's not there".

While breaking the encryption might be a concern for run of the mill criminals it's not going to help if you're dealing with a government that can compel you to turn over the keys (through the courts or cutting off your fingers until you tell them what they want to know). A big encrypted file/drive is a giveaway that you've got something to hide: they'll know to torture you to be able to look inside. Truecrypt is valuable because it lets you say "there's no such file on the drive". Even if they detect the truecrypt volume (which they can) you can have nested volumes that are impossible to distinguish from random noise. When 'the man' starts breaking your toes with a hammer you can give him the keys to your top-level volume that he knows exists and then deny to the death that a second or third one is on that drive and he'll have no way to know for certain that you're hiding something.